linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] tty:tty_ldisc: add tty_ldisc_lock|unlock to prevent concurrent update to ldisc in tty_ldisc_deinit
@ 2017-04-09 16:59 Wang YanQing
  2017-04-10  0:33 ` Michael Neuling
  0 siblings, 1 reply; 2+ messages in thread
From: Wang YanQing @ 2017-04-09 16:59 UTC (permalink / raw)
  To: gregkh
  Cc: jslaby, linux-kernel, mikey, viro, johan, peter, alex.popov,
	robh, mpatocka, dvyukov, benh

This patch could fix the issue that free_tty_struct in tty_io
calling tty_ldisc_deinit without holding tty->ldisc_sem.

Signed-off-by: Wang YanQing <udknight@gmail.com>
---
 drivers/tty/tty_ldisc.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
index b1f7fa5..674421b 100644
--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
@@ -771,7 +771,9 @@ void tty_ldisc_init(struct tty_struct *tty)
  */
 void tty_ldisc_deinit(struct tty_struct *tty)
 {
+	tty_ldisc_lock(tty, MAX_SCHEDULE_TIMEOUT);
 	if (tty->ldisc)
 		tty_ldisc_put(tty->ldisc);
 	tty->ldisc = NULL;
+	tty_ldisc_unlock(tty);
 }
-- 
1.8.5.6.2.g3d8a54e.dirty

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] tty:tty_ldisc: add tty_ldisc_lock|unlock to prevent concurrent update to ldisc in tty_ldisc_deinit
  2017-04-09 16:59 [PATCH] tty:tty_ldisc: add tty_ldisc_lock|unlock to prevent concurrent update to ldisc in tty_ldisc_deinit Wang YanQing
@ 2017-04-10  0:33 ` Michael Neuling
  0 siblings, 0 replies; 2+ messages in thread
From: Michael Neuling @ 2017-04-10  0:33 UTC (permalink / raw)
  To: Wang YanQing, gregkh
  Cc: jslaby, linux-kernel, viro, johan, peter, alex.popov, robh,
	mpatocka, dvyukov, benh

Wang,

Applying this, with the other one on top and it doesn't fix the problem (applied
on next-20170405). I tried each patch by itself, with the same bad result.

Thanks for the help but the backtrace is the same:

Unable to handle kernel paging request for data at address 0x00002260
Faulting instruction address: 0xc000000000568800
Oops: Kernel access of bad area, sig: 11 [#1]
SMP NR_CPUS=32 
NUMA 
PowerNV
Modules linked in:
CPU: 6 PID: 177 Comm: kworker/u56:1 Not tainted 4.11.0-rc5-next-20170405-00002-g34d2ff03e6 #9
Workqueue: events_unbound flush_to_ldisc
task: c0000077c498a280 task.stack: c0000077c49f8000
NIP: c000000000568800 LR: c0000000005687e8 CTR: c000000000569310
REGS: c0000077c49fb890 TRAP: 0300   Not tainted  (4.11.0-rc5-next-20170405-00002-g34d2ff03e6)
MSR: 900000000280b033 <SF,HV,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>
  CR: 24042428  XER: 00000000
CFAR: c000000000956adc DAR: 0000000000002260 DSISR: 40000000 SOFTE: 1 
GPR00: c0000000005687e8 c0000077c49fbb10 c000000000f3cb00 c0000077c32710d8 
GPR04: c0000077bf556c20 c0000077bf556d20 0000000000000100 0000000000000001 
GPR08: c0000077c32710d8 c0000077c3271220 c0000077c3271248 c000007995c28508 
GPR12: 0000000084002428 c00000000fff7e00 c0000000000f2e08 c0000077c48c4040 
GPR16: 0000000000000000 0000000000000000 c0000079940102a8 c000007994010078 
GPR20: c000007994010020 0000000000000000 0000000000000000 0000000100000000 
GPR24: 0000000000000000 0000000000000000 c0000077bf556c20 c0000077bf556d20 
GPR28: 0000000000000100 0000000000000100 c0000077bf556d20 c0000077c3271000 
NIP [c000000000568800] n_tty_receive_buf_common+0xb0/0xbc0
LR [c0000000005687e8] n_tty_receive_buf_common+0x98/0xbc0
Call Trace:
[c0000077c49fbb10] [c0000000005687e8] n_tty_receive_buf_common+0x98/0xbc0 (unreliable)
[c0000077c49fbbe0] [c00000000056d02c] tty_ldisc_receive_buf+0x3c/0xd0
[c0000077c49fbc10] [c00000000056dedc] tty_port_default_receive_buf+0x5c/0xe0
[c0000077c49fbc50] [c00000000056d340] flush_to_ldisc+0x110/0x130
[c0000077c49fbca0] [c0000000000ea88c] process_one_work+0x1dc/0x550
[c0000077c49fbd30] [c0000000000eac88] worker_thread+0x88/0x5c0
[c0000077c49fbdc0] [c0000000000f2f60] kthread+0x160/0x1a0
[c0000077c49fbe30] [c00000000000bc60] ret_from_kernel_thread+0x5c/0x7c
Instruction dump:
fba1ffe8 fbc1fff0 f821ff31 f9010030 eb3f0280 483ee2a5 60000000 393f0220 
395f0248 f9210020 f9410028 60420000 <e9192260> 7c2004ac 80ff0130 e8d90000 
---[ end trace b30eea9f71cf8d4a ]---


Thanks for the help
Mikey

On Mon, 2017-04-10 at 00:59 +0800, Wang YanQing wrote:
> This patch could fix the issue that free_tty_struct in tty_io
> calling tty_ldisc_deinit without holding tty->ldisc_sem.
> 
> Signed-off-by: Wang YanQing <udknight@gmail.com>
> ---
>  drivers/tty/tty_ldisc.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
> index b1f7fa5..674421b 100644
> --- a/drivers/tty/tty_ldisc.c
> +++ b/drivers/tty/tty_ldisc.c
> @@ -771,7 +771,9 @@ void tty_ldisc_init(struct tty_struct *tty)
>   */
>  void tty_ldisc_deinit(struct tty_struct *tty)
>  {
> +	tty_ldisc_lock(tty, MAX_SCHEDULE_TIMEOUT);
>  	if (tty->ldisc)
>  		tty_ldisc_put(tty->ldisc);
>  	tty->ldisc = NULL;
> +	tty_ldisc_unlock(tty);
>  }

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-04-10  0:33 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-09 16:59 [PATCH] tty:tty_ldisc: add tty_ldisc_lock|unlock to prevent concurrent update to ldisc in tty_ldisc_deinit Wang YanQing
2017-04-10  0:33 ` Michael Neuling

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).